ATP in Office 365 E5: What’s it all about?

These endless acronyms! Every company uses them, and the Microsoft universe is jam-packed with them as well. For instance, we may encounter product acronyms like SPE and EMS or abbreviated features like the one used in today’s topic: ATP, or Advanced Threat Protection. It is a security feature in the Office 365 E5 Plan. Anton Neidel explains what functions the ATP in Office 365 E5 provides and how it works.

My previous article on the Office 365 E5 Plan touched on this particular feature. The term E5 will probably make you think immediately of communication. But besides this feature, there are other areas that receive a lot of attention – analysis and security.

Hard facts about security vulnerabilities

Let’s start things off with a short story.

The world is changing, and IT is no different. So it’s only logical that security requirements are evolving as well. A study by the Gartner Group reveals that $20 billion was spent on security software in 2012. This number is predicted to reach $94 billion by the end of 2017. When asked about their antivirus protection, companies will usually answer that they have a product by Kaspersky, TrendMicro, McAfee, or Microsoft.

These solutions have indeed proven effective in the past, but they are becoming increasingly inefficient.
In 2010, the German research institute AV-TEST estimated that there are 49 million malware programs in the wild. McAfee reported in 2011 that two million viruses are discovered each month. In turn, Kaspersky Lab announced in 2013 that around 200,000 new malware programs are identified and neutralized every day.

But what is truly alarming is how long it takes to even detect malware once it has been released into circulation. For instance, researchers at Kaspersky Lab in Moscow discovered in 2012 that a highly complex and hitherto unknown piece of malware called FLAME had been doing the rounds for five years already, stealing data from information systems around the world. FLAME truly represented a failure of the antivirus industry, and most likely brought the entire antivirus software era to an end.

Office 365 Exchange Online: What is this basic protection good for, and where are its limits?

Microsoft Office 365 Exchange Online offers a built-in basic security system in the Exchange Online Protection (EOP) feature. EOP has the following options:

  • Antispam protection
  • Spam management
  • Protection against malware
  • Transport rules
  • Reporting and logging

EOP and its market compatriots are powerless in the face of zero-day attacks. A zero-day attack describes malware that is entirely unknown to your virus protection and therefore remains undetected. This means that new solutions are necessary, i.e. the existing ones need to be expanded.

Advanced Threat Protection in Office 365 E5: how does advanced protection work?

Advanced Threat Protection (ATP) is, as the name suggests, included in the security features of the Office 365 E5 Plan and is designed to protect against malware. In this respect, ATP uses the sandbox principle. Put simply, the system works like a Russian doll, installing a computer within another computer. This kind of emulation is frequently described as a virtual machine. Emails arriving in this sandbox are scanned for malware. For instance, email attachments are deliberately opened to see what happens. The actual system cannot be infected, as the malware remains enclosed in the sandbox.

Here’s an example of a cloud scenario:

Office 365 E5 ATP Scenario
  1. The email arrives in the incoming mail server, where it is scanned by Exchange Online Protection.
  2. ATP also scans the email for licensed users.
  3. When the system recognizes a suspicious link or content, the email is removed or the rough contents of the link are described. Naturally, the user and the admin receive notification.

NOTE: inform your users if you enable ATP, as the additional scan can mean that emails arrive with a delay of between three and five minutes.

Ok, that’s all very well. But what happens if I have my email server on-premises? No problem! Here’s a scenario:

Office 365 ATP on premise scenario

How are ATP and EOP licensed?

How can I license Exchange Online Advanced Threat Protection (ATP) and Exchange Online Protection (EOP)?

EOP is always included in Enterprise Plans and Business Plans (provided they include Exchange Online).

ATP is part of the Enterprise 5 Plan (E5) and can also be booked as an add-on with other plans.

Office 365 ATP Licensing

Looking for more information about Office 365 E5 Plan?

We have put together all the information you need on Advanced Threat Protection and the other features in the Office 365 E5 Plan.

Leipzig, 05/24/2017

